Digital Forensics, Incident Response & Data Breach Management Services

During this time the scope, scale and complexity of attacks have evolved and as the Security landscape moves, the hackers move with it, often circumventing and exploiting the new security controls implemented by the IT security professionals.

3B Data Security staff have a wealth of experience and expertise having been exposed to a plethora of different incident response scenarios and forensic data breach investigations, - ranging from a cottage industry business run from a home garage to multi-national cross-border blue chip organisations.

Other examples include utility providers, financial service institutions, insurance underwriters, hoteliers, hosting companies, level one merchant retailers, payment service providers, online retailers, gambling/gaming companies and motor manufacturers. We have also worked with and for law-enforcement agencies, the Information Commissioners Office (ICO) and with legal/litigation teams within law firms and solicitors.

Staff members have been certified under the CREST Cyber Security Incident Response (CSIR) scheme and hold the CREST Certified Incident Manager (CCIM) accreditation. In addition, they have also been certified as Core PCI Forensic Investigators (PFI) and Qualified Security Assessors (QSA) by the PCI Security Standards Council.

If you have a cyber security incident, believe you are under attack or have been compromised, then call us immediately for assistance on 01223 298 338 or email us at IR@3BDataSecurity.com.

If you want to take a more proactive and pragmatic approach whilst benefitting from the knowledge and years of experience which the 3B Data Security team possess, then why not speak to us about our Cyber Security Incident Response Retainer Service (CSIRRS). CSIRRS will help arm and prepare your business or organisation with the skills and resources needed to react and respond to a cyber security incident efficiently as it provides you with a 24/7 on-call support helpline, pre-agreed consultancy rates and methodologies, signed contracts and legal documents and proactive security reviews and information sharing sessions.

What would your customers say if they found their data posted on a hacker forum and believed you were the source?

Would you know how to respond if the 10 o’clock news called you for a statement on your data breach?

If you have any doubt to even one of the answers above, then you need sign up to 3B Data Security’s Cyber Security Incident Response Retainer Service (CSIRRS) immediately.

After many years dealing with all types of cyber security incidents and urgent forensic investigations, 3B Data Security have formulated a proactive incident response retainer service that aims to resolve many common problems faced by organisations suffering a data compromise. In effect you learn from all the mistakes made by others before you.

The service is tailored to your organisation and allows you to rest easy knowing help is always on hand and proactive measures are taken to help reduce risk in advance. The service includes:

• A full on-boarding process that includes the confirmation of all agreements, commercials, terms and conditions, legals, procedures and methodologies in advance of any incident occurring
• Access to a 24 hour a day, 365 days of the year support service in the form of email, telephone and onsite support in the event of an incident or investigation requirement
• Methodology and information gathering sharing workshops, reviews of any existing processes relating to incident response and gap analysis summary overview
• Agreed and discounted commercial rates for future related incident response engagements

The advantages to your business or organisation include:

• Reduce the risk of an incident occurring in advance and improve the efficiency and productiveness of the subsequent forensic investigation
• Expertise on-hand 24x7x365 and ready to respond immediately in the event of an incident
• Significant reduction in time taken to react to an incident, as all commercial, contractual and logistical agreements would have already been approved and signed-off in advance
• Dramatically improve responsiveness in the event of an incident, as staff would have been educated on how to deal with and react correctly, in terms of what to do, who to inform, when and how
• Evaluate, conclude and sign off, those critical processes, policies and procedures in advance but in slow time; pre-empt those difficult decisions, answer those difficult questions and find the gaps in the current methodologies before they are called into action
• Improve the overall security posture of your business by demonstrating an effective Incident Response Plan both internally and externally to third parties and clients
• Limit the financial implication and cost to the business of an incident, while also reducing the potential penalties from industry regulators (ICO, FCA, GDPR etc) and help achieve compliance from standardisation bodies (PCI SSC, ISO etc)
• Reduce operational downtime, minimise loss of business productivity and reduce the burden on internal staff and resources, whilst maintaining business independence within the response/investigation scenario

If you want to focus on running your business not on reacting to a forensic or cyber incident; proactively improve the response and investigation process, learn from others mistakes and protect your reputational brand and your customer relations, then sign up to the Retainer Service.

Alongside this 3B Data Security is an approved PCI SSC Qualified Security Assessor Company (QSAC), which enables us to perform PCI Compliance consulting, advisory and audit services to help merchants obtain certification against the Payment Card Industry Data Security Standard (PCI DSS).

Senior team members have been Qualified Security Assessors (QSA) since 2008 and have been investigating cardholder data compromises for Visa and MasterCard since 2007, then subsequently becoming Core PCI Forensic Investigators (PFIs) when the PCI Security Standards Council formed the PCI PFI Program in 2011.

Staff have investigated hundreds of cardholder data breach investigations for all types of organisations large, medium and small, in numerous different environments with ever changing technologies. Additionally the knowledge, experience and relationships gained from being a part of the payment card industry for this length of time helps to distinguish 3B Data Security as a trusted, credible and reliable PCI partner.

If you have suffered a PCI data breach, if you need to obtain or maintain PCI Compliance or simply want to benefit from our years of knowledge in conducting data compromise investigations, then get in contact and we can help you.

We offer tailored first responder and breach management training to both technical and management level staff, based on industry best practise and years of conducting real incident response investigations. The training gives an insight to what will happen when an incident occurs, how you should respond, but more importantly you will be educated with lots of preventative advice, best practise and real life response hints and tips.

Do you want to learn, practise and play out your incident response policies and plans? Perhaps test your staff’s reaction to an incident or simply see what could happen within your organisation (if) when you do get hacked? But don’t want to wait for the hackers to do it for real?

Then utilise the years of knowledge 3B Data Security has in helping businesses react and recover from real life hacking incidents by undertaking a number of ‘mock’ incident response table top exercises. You will be lead through a number of incident scenarios, and as they play out, your people, processes and technologies will be tested in a controlled environment in order to highlight any discrepancies so they can be evaluated, educated and remediated, without the time-critical pressures you face whilst dealing with an actual incident at the same time.

We also offer a Computer Incident Response Public Relations (PR) Planning and Preparation Workshop which helps the business prepare the right PR responses to an incident, find gaps in the current PR Action Plan and deduce a list of playbook scenarios that may need to be considered for creation or amendment. These could be anything from how and when to inform Law Enforcement agencies, first line support / call centre staff, internal development staff, the media, website updates, social media posts, third-parties, acquiring banks or regulators.

3B Data Security staff have conducted both civil and criminal forensic investigations including intellectual property theft, HR / employee misconduct, computer misuse, fraud, money laundering, terrorism, cyber-crime/hacking, malware and financial litigation.

In addition to traditional forensic investigation, 3B Data Security have worked with insurance companies to validate their claims management process, conduct pre-assessment and risk validation for policy underwriters and conduct forensic training courses for corporate IT teams.

In our experience, most digital forensic investigations are initiated reactively, unexpectedly and are often very urgent and time critical. It is with this in mind that the proactive Digital Forensic Retainer Service (DFRS) has been created to help deal with these points and balance the unknown urgency of an incident and increase the ability for the forensic investigation to be conducted as efficiently and quickly as possible so the best outcome can be established. This includes understanding the gaps and weaknesses in the policies and processes, educating staff and first responders, agreeing all the commercials, legal documents and logistics in advance of any potential incident or forensic investigation requirement.

The time saved in understanding the methodologies, agreeing the terms and conditions or simply just knowing who to call could be the difference between a satisfactory conclusion and losing the evidence, losing the case, losing finances and even losing the business’s reputational brand.

If this data is compromised, inadvertently leaked, misplaced or simply stored longer than it should be, the processing entities run the risk of non-compliance and substantial fines from regulators such as the Financial Conduct Authority (FCA), the Information Commissioner’s Office (ICO) and Credit Card Schemes like Visa, MasterCard, JCB, Discover and American Express.

This is in addition to the reputational risk and brand damage that is caused when an entity hits the news and it is made public that they have suffered a suspected or confirmed data breach. Trying to recover customer confidence and rebuild the reputation in a brand that has been a victim of a data breach is not a simple task, and could be crippling to a business’s future.

Under the Payment Card Industry Data Security Standard (PCI-DSS) and the Data Protection Act (DPA), certain types of data storage are not recommended at all or are prohibited. This data is often stored, be that on purpose, for testing and development of systems, inadvertently by errors in design and coding, legacy systems that have not been fully decommissioned or even stored on legitimate systems by hackers in order to harvest data during an attack.

After managing and forensically investigating hundreds of data breaches over the past decade, 3B Data Security have seen all variations on why data is stored and ultimately compromised by attackers, especially unencrypted cardholder information such as a Primary Account Numbers (PAN), CVV/CVC, cardholder names and addresses.

By proactively searching for unencrypted cardholder data across the computer network environment this data can be located, verified, securely erased and the processes that allow the data to be stored in the first place fixed for the future. This will help your business mitigate against the risks of storing unencrypted cardholder and PII data going forward.

This role is ideal if you want to further your career within a growing organisation where your input, ideas and hard work will help shape its future.

Your responsibilities will include:

• Being the lead consultant within the team, managing a wide range of incidents/investigations and engagements from first enquiry through to report completion.
• Acting as a subject matter expert, supporting customers to better understand their situation and the value that 3B Data Security can bring to their organisation.
• Support, train and mentor the team, acting as point of escalation for complex enquiries and quality assurance.
• Direct, administer and coordinate the operational activities of the team, maintaining an oversight of all sales, case management and budgets. Manage the schedules and distribution of resources to ensure the best outcomes and provide a weekly workflow reports to the Senior Partners.
• Take the lead in generating new business, converting sales and actively seeking new opportunities for 3B Data Security's current portfolio.
• Monitor all processes and procedures, amending and developing these where necessary to ensure maximum efficiency, best practise, security and customer satisfaction.
• People management; set and monitor progress against specific individual targets, ensure the team have clarity concerning performance expectations, the required skills, knowledge and competencies to do the job and appropriate training and development plans are in place.
• Maintaining an overview of the team's financial position, managing the sales process and business efficiencies right through to service delivery and invoicing.
• Support the Senior Partners in identifying business development opportunities, assisting the development and implementation of such opportunities.

Job Requirements:

Ideally, you will already be working within a management role or have been working as a senior consultant for a number of years with a good working knowledge and understanding of what a business unit within this sector requires.

Technical Skills/Experience:

• Extensive experience of digital forensics, incident response and general information security consultancy.
• Excellent relevant technical skills including experience with various digital forensic toolsets, incident response tools, alternative forensic/IR tools and live response triage tools.
• Ability to quality assure and write up investigation artefacts/evidence into forensic and incident response reports to a high-quality standard.
• Skilled in communicating complex technical data to the lay person along with the ability to handle difficult conversations and bring them to an effective resolution.

Other Skills/Experience:

• Experience of leading and managing a business unit including people and operational management.
• Knowledge and understanding of the scoping process within the industry to allow for accurate proposals.
• Excellent knowledge and understanding of the sector and the challenges faced within it.
• Confidence in addressing all levels of staff, from team members through to senior managers.
• Due to the nature of incident response, you must have your own transport and be able to react at short notice when needed.

Job Type: Full-time

Salary: £65,000.00 to £75,000.00 per year and the role will be based predominantly from the office in South Cambridge and on client’s site.

If you are interested in finding out more information regarding this exciting opportunity, then please send your CV and a covering letter (demonstrating why you are the right candidate) to: Jobs@3BDataSecurity.com

The Digital Forensics and Incident Response Team manage a wide range of cyber incidents including PFI and corporate breach investigations, incident response, digital forensic investigations and malware attacks. They also develop and deliver bespoke training programmes for organisations aimed at managing cyber incidents including data breach awareness and first responder training.

Training and hands on practical work in the areas of information security, forensics, and PCI-DSS will be provided to help build the skills required to become a successful incident response digital forensic investigator.

Job requirements

• A solid background in a field related to our line of work for example cyber security, forensics, networking or programming. You will either be working in a related field currently or a graduate who has practical experience in the field.
• You must be passionate and enthusiastic about information security and be proactive to increase your knowledge and skills in this area. Including keeping up to date on industry developments, standards, methodologies and vulnerabilities.
• You must have excellent communication skills and be customer focused.
• Due to the nature of incident response, having your own transport would be beneficial and you must be able to react at short notice when needed.

Preferable Skills

• Experience of conducting forensic imaging and acquisition of computer and storage media.
• Experience with standard forensic toolsets e.g.: EnCase, FTK, DD, WFT, Backtrack, SIFT, Nuix and/or Penetration Testing suites etc.
• Experience with different operating systems such as Linux / Windows / Mac.
• Experience of networking technologies, devices and protocols.
• Experience of analysing forensic evidence, report writing and the ability to communicate complex technical data to the lay person is also a must have.
• Knowledge of programming with one or more of the following languages: Perl, Python, Ruby, PHP, ASP, SQL, HTML.

Job Type: Full-time

Salary: £20,000.00 to £28,000.00 per year and the role will be based predominantly from the office in South Cambridge and on client’s site.

If you wish to apply for this exciting opportunity, then please send your CV and a covering letter, demonstrating why you are the right candidate, to: Jobs@3BDataSecurity.com

No Agencies Please